400-101 CCIE Routing and Switching 107 BGP Route Propagation Control

Captions
[Music]

Let's add one more router to the mix. This is going to be R1, connected directly to R4, and it is going to be in AS 100. The peering between R4 and R1 is going to be between directly connected interfaces, so no peerings between loopbacks: peering between here and peering between here. This is just going to be a regular eBGP session.

So let's bring this router into the mix. I'm going to bring it in here and just bring that interface up, and this is going to be FastEthernet 0/0. So on R4: interface FastEthernet 0, no shutdown, and the interface is up. Let's see if I can ping it. OK, I can ping it. Now, I just noticed there is one little wrong piece of information here: this is actually 14, not 12. Apologies about that; I'm going to try to correct it. I just noticed it with the corner of my eye. It made no sense before. So I had this tiny little error on this picture, but anyway, between R1 and R4 I can ping. Let's say here this works.

So let me bring in my notepad. I don't have that BGP configuration template handy, but I know where to find it, so this is where I'm going to get it from. I'm going to copy this information here. This is going to be bgp-community new-format. So this goes on R4. I actually don't need this because it's already there. Let's see what we have here: neighbor is going to be 14.1, remote is 100. So this is going to be... well, I don't need next-hop-self either. Let me see, is this all I need? Yes, it is. On the other one I will need bgp upgrade-cli, and I'm sorry, yes, so here that will produce an error message, but I don't really care about that. This changes to 100, this changes to 2456, and this changes to four, four and four. Let's go to R1, and when I paste this in, show ip bgp summary, it should be coming up. There we go; it just came up while my impatience was kicking in. So now if I do show ip bgp, I do have my route in place. Let's advertise the network 192.168.0.1 mask... so I'm going to advertise the
network of R1, the loopback of R1. If I do show ip bgp, I should be seeing it here, and all the way on R9, all the way here, I should also be able to see this network. If I do show ip bgp, there it is, and I should be able to ping between these two. So from R9 I can ping R1.

So now we have a network in place here that is a very, very good network to actually test some of the more advanced features of BGP. The next thing that I'm going to talk about is going to be some sort of filtering in BGP, and it's going to be route propagation control.

So let's start with route propagation control. It's going to be a relatively simple requirement that we are going to have. On R9 I would like to create four new loopbacks; well, actually, let's say three new loopbacks. I want to create loopback 100, which is going to be, let's say, 10.0.100.0/24. I want to create loopback 101, which is going to be 10.0.101.0/24. I want loopback 102, which will be 10.0.102.0/24. So I want to create these loopbacks... oops, that is not exactly what I wanted. So I want to create these loopback interfaces here, and I want to advertise these loopbacks into BGP, making sure that they have incomplete origin on all routers.

So here's my question to you: how would you advertise these routes in BGP and have them have incomplete origin? The answer that I am overwhelmingly getting here is simply: redistribute. Now, when you redistribute the routes into BGP, you are going to have an incomplete origin. That's very good, but there is a problem with that. If you try and remember what we did in the last couple of sections about BGP, I gave you a couple of tasks: do this, don't redistribute; do this, don't redistribute; do this, don't redistribute. Well, that "don't redistribute" still holds true; we are in the BGP task still. So why do you think that redistribution here would be the correct solution? Yes, that's the one by default, but what if there was an explicit redist requirement here: do not redistribute?
So if you are not allowed to redistribute, and this creates incomplete origin by default, what other option do we have? Well, we can always use a route map to modify the attribute, and origin is just one of the attributes. It is one of the attributes that is actually used in the best path selection process to determine which route is the best route. It's also one of the mandatory attributes in BGP, together with the AS path and the next hop.

When you use the network statement to advertise routes in BGP, they're going to have the origin of IGP. We can see that here: this "i" here stands for origin. This doesn't mark the internal route; it says that this route has the attribute called origin, which is internal, or origin is IGP. This is not to be mistaken with this "i" here, which indicates whether the route is internal or external. So this route here says that this is an internal route; the absence of this "i" says it's an external route. But this origin here is actually an origin code, which you can see here. The origin IGP is better than EGP, which is better than incomplete.

So my task here says: advertise those three loopbacks from R9 and make sure that I have incomplete origin, but do not redistribute. To do that, I'm going to go to my text editor here and create those three loopbacks. So: interface loopback 100, ip address 10.100... or actually it was 10.0.100.9. Don't forget to give it a /24 mask. So I'm going to have two loopbacks here. Then I'm going to create the route map, and I'm simply going to call it "set origin", and I'm going to say set origin incomplete. Then I'm going to go to router bgp 900, address-family ipv4, and here I'm going to say network 10.0.100.0 mask, and I need this three times, so I need it for 101 and 102.

But where do I put my route map? Going back to the task here... well, I didn't write it down. Oh yeah, I did actually write it down. It says make sure that incomplete origin is on all routers. So I can apply my route map in
several locations. I can apply the route map when I'm advertising these routes to R6. Now, if I apply this route map when I'm advertising the routes to R6, the problem is going to be that origin will be incomplete on R6, R2, R5, R4 and R1, but it will not be on R9. That does not include all routers, so I need to somehow apply this route map in such a way that it applies on R9 as well. The good news is that I can actually set the route map on the network statement, which will modify the attributes of the routes at the point of their injection into BGP. So they're going to be injected into BGP having this origin incomplete set there.

So if I go to R9 and paste this configuration, and if I do show ip bgp, I should be seeing these three routes advertised, and I can see they're internal routes. But if I do show ip... well, actually, I can see it here, silly me. I can see now that they do have an origin incomplete. So now if I go to R1 and do show ip bgp there, I will be seeing these three routes. Actually, I'm not just yet... there we go. I will be seeing these three routes arriving, and they will actually have origin as incomplete, all three of them.

So this was relatively easy so far. Now let's make this task a little bit more complex. I want loopback 100, so this route 10.0.100.0/24, to be available only on R6; well, including R9, since on R9 this is the injection point. So only on R6. 10.0.101.0/24 I want to be available only in AS 600. 10.0.102... there is a little mistake there, let me correct it. I just got a little bit carried away with numbers there. 102. I need to correct it here as well, just in one more place. Apologies for this. So this is 102, OK. And I want 10.0.102.0/24 to be available only in AS 2456. So I need to implement the policy in my BGP such that this first route is available only on R6 (actually, it's not advertised to R2 and then further on), that this route here for
loopback 101 is available only in AS 600, and that this 102 route is available only in our confederation, but not in AS 100.

Now, to make things more fun, this configuration must all be done, so all this policy must be implemented, on R9 only. You are not allowed to modify any other routers to make this work. Let me explain first how I could do this if there was no restriction to do this only on R9. What I could do is implement a filter on R6 in the outbound direction towards R2 that allows the routes 101 and 102 but does not allow route 100. Also keep in mind that there is that loopback of R9 that we have to keep in mind. Then on R5's peering towards R4, I could put a policy in place that allows 10.0.102.0/24 together with the loopbacks of R2 and R9. Then on R4 towards R1, I could apply a policy that allows the loopbacks of R2, R5, R4 and R9, but does not allow any of the 10 networks to be applied. So I would need a policy on R6, I would need a policy on R5, and I would need a policy on R4. That's one of the solutions. There are, of course, alternate solutions, where I could apply an inbound policy on R2 from R6 for filtering; where I could apply an inbound policy from R4, or, on the peering session between R5 and R4, I could apply an inbound policy on R4; or I could apply an inbound policy on R1; or any combination of those.

But I have prepared my network for using communities, so I have send-community configured on all of these routers. Even if I'm not asked to use communities, communities should come to mind here, because they are probably the simplest solution for the problem.

Now, what are communities? Here is just a brief introduction. BGP communities are really just route tags. They have the format of a really large number, but convention says to display them as an AS number and some identifier, and this is exactly what ip bgp-community new-format does.
Now, this is just the basics; this is what fundamentally BGP communities are. But some communities have a special meaning. This special meaning implies certain behavior by the routers when they have routes in their BGP tables that carry these communities. These communities are referred to by the common name of well-known communities. There are many well-known communities, but three are of particular interest for you as a CCIE candidate. These are no-advertise, no-export and local-AS. As I say, there are others that may be of some importance. There is the internet community, which by the way does really nothing. There is the cost community. There are of course extended communities like route target; there are OSPF communities and EIGRP communities used for MPLS VPNs, same here. So there are these lesser-important well-known communities. There are also things like no-peer, which really doesn't have an implied meaning; it's more like a standard community to imply a certain filtering behavior in ISP networks. The routers won't do anything automatically with it, but you can use this as a standard community to identify the routes that shouldn't be advertised to your peers but should be advertised to your transit carriers or your customers, for example. Just an idea. But these three here, these are the important ones, so these are the ones where you really need to know how they behave.

So let's take a look at these three. No-advertise is a very, very simple community: do not advertise this route to any peers. If the router has a route in its BGP table that has the no-advertise community, it will not advertise this route to any peers. That's simple. Now, no-export simply means do not advertise this route to any external peers; advertise this route (not router, but route) to internal and confederation peers. Now let's take a look at local-AS. This simply means do not advertise this route to any external
or confederation peers, but it means advertise this route to internal peers. So this is what these three communities do.

So taking a look at our example here, what is it that we actually need to do? Well, if we are to use communities to solve this problem, really, for this one that needs to be advertised only to R6, we are going to be using local-AS... this one that needs to stay in... sorry, not local-AS, silly me. This one that needs to stay only on R6 needs to be no-advertise. This one here that needs to stay in AS 600 needs to get local-AS, and this one here that needs to stay in AS 2456 is going to be no-export.

But again, the question is where do we actually apply these communities? Where are we going to use the route map that is going to set this community? If we use this route map on R9 on the network statements that actually inject these routes into BGP, we are going to have a problem, because then R9 will have in its own BGP table these three routes with the no-advertise, local-AS and no-export communities, which means none of them will actually be advertised to R6. Why? Because no-advertise simply means do not advertise. Local-AS means keep in your local confederation AS, but if you're not using confederation, keep in your local AS, and this means keep it in AS 900. No-export means don't advertise to any external peers, which means don't advertise to R6. Which means that if I use these route maps on the network statement, I'm going to create trouble for myself. Where I need to apply these is actually on this peering session, when the routes are being sent. So this is where we are going to apply our communities; this is where we need to send the communities; this is where we need to set the communities on our routes.

So let's write out these route maps here. I'm going to need some prefixes, I'm going to need some route maps, and then I'm going to apply these filters, and we are going to see how this filtering actually happens throughout the
network. For that I'm of course going to need my notepad. The first thing that I'm going to do is create a prefix list. Let's call it loopback100. I'm going to say permit 10.0.100.0/24, and I will need three of these, so this will be 101, 102. Then I'm going to need a route map. Let's say this will be in the outbound direction to R6, so we can say R6-out permit 10. I'm going to say match ip address prefix-list loopback100, and I will say set community no-advertise. I will need three of these, so this is 20, 30; this changes to 101, this changes to 102; this one here is local-AS and this one here will be no-export. Now if I apply this to my BGP session, so let's go to router bgp 900, address-family ipv4, neighbor 192.168.0.6 route-map R6-out in the outbound direction, I will solve the requirements of this task.

So let's do that very quickly. Here I am on R9, pasting this in. Now if I go to R6 and do show ip bgp... OK, maybe we need to clear the session, so clear ip bgp * outbound, actually soft out. So now I see that on my R6 I actually do have the community here in my BGP table, and it says here no-advertise; for 101 I have local-AS, and 102 has no-export. If I go to R2 and do show ip bgp, here are my networks 101 and 102; network 100 is not present. If I go to R4 and do show ip bgp, I should be seeing only one of these, and this is 102. And if I go to R1, show ip bgp, I'm going to be seeing none of these networks.

However, I have just failed an entire BGP section. Why did I fail the entire BGP section? Because if we go back, one of the very first requirements was that R2's loopback needs to be able to ping R9's loopback. Let's give that a go. If I go to R2 and try ping 192.168.0.9 source loopback 0, that is now failing. It is now failing because if I take a look at the BGP table, I do not have the route for R9's loopback 0. I have created that problem for myself with this route map here. So
when I applied this route map, I am explicitly allowing this, I'm explicitly allowing this, and I'm explicitly allowing this, but there is, just like with access lists, an implicit "deny everything else" at the very end. Now, I don't know if it's order 99 or if it's no order, but there is an implicit deny at the end. What I need to do for anything that I did not explicitly match to set the community here, in this particular case, is that I actually need this permit statement. Otherwise I will be filtering out the loopback 0 of R9, basically losing the points for previous tasks. So let's go back here to R9 and just add this entry, and let me do the soft clear on the session. If I do show ip bgp now, at this point I should be getting R9's loopback. Where was I testing this? I was testing it from R2.

Let's add loopback number four. This fourth loopback that we are going to add on R9 is going to be loopback 103, and let's say 10.0.103.0/24. Now I want this loopback interface to have the same behavior as loopback 102, so I want it to have the no-export community set and I want it to be advertised there. The solution for this task should be relatively simple. What I'm going to do is go to R9 and say interface loopback 103, ip address 10.0.103.9, like so. I'm going to go into BGP, and here I'm going to show you a little cheating trick. The cheating trick here was that I couldn't be bothered to select, paste, select, paste, select, paste; I just copy-pasted everything up to the line that I actually needed to have, which is OK because I'm just repeating commands that are already in place. Let me add the prefix list, so it's going to be ip prefix-list... let me use the notepad for that. I'm going to add the new prefix list, even though technically speaking I don't have to add a new prefix list; I can actually modify this one. So let's do that, like this. Let me remove this one. So here, in a
single access list, in a single prefix list line, I'm allowing 10.0.102.0/23, but I'm allowing the /24 subnets of this, and the two /24 subnets of this are going to be 102 and 103, exactly what I need. So if I go to R6 here and take a look at 102, it should have no-export; if I take a look at 103, it should have community no-export set. So with minimal modifications I have actually made the change that I needed. And just to confirm, I should have this route here on R4, but I should not have this route on R1.

Now, this is the setup for the next bit. The next bit is: I want this loopback here, this loopback 103, to be available on R1. In other words, I want to make R4 ignore the community instruction; I want R4 to actually ignore the no-export community. So basically "ignore" (I'm going to put it in quotes, because you cannot ignore it, you have to do something else) no-export on the 103 subnet. To do that, what I need to do is actually configure an inbound route map to take care of it. Let me show you how that will work.

So I'm configuring now an inbound route map. I'm going to say route-map R5-in, and I'm going to create a prefix list, ip prefix-list loopback103 permit 10.0.103.0/24, and here I'm going to say match ip address prefix-list loopback103, and I'm going to say set community none. Now don't forget that you have that deny everything else, so I'm just going to permit all other routes. Then here I'm going to say router bgp 400, address-family ipv4, neighbor 192.168.45.5 route-map R5-in in the inbound direction. If I apply this to my R4, clear ip bgp * soft in, and do show ip bgp 10.0.102.0, this one will have no-export, but 103 here no longer has no-export. So if I go to R1 and do show ip bgp, I'm going to see it available on R1.

So this solution works, but this is a very, very brute-force solution. Basically what I've done here is I have removed all the communities; not only no-export, but I have removed all other
communities that might be there. Now, the task could have been worded: do not affect any other communities that may have been set on this route. What other communities are there? Well, we don't know, but let's give it a try. Here on R9 I do have that one route map, so do show run | section route-map. Let's find that entry, this one here. Let's say instead of simply set community no-export, let's add a couple more communities. Let's add, for example, 900 900 900 11900 151 and so on, whatever the list might be there; some generic random list of communities. So if I go to R4 now... let me just clear that session, so clear ip bgp * soft out. If I go to R4 and take a look at network 102... of course, every time I want to use soft out, that doesn't quite... there we go. So now for network 102 I have this list of communities. There is no-export, but there is this other random list. If I take a look at network 103, with our set community none I have basically deleted this whole list.

But what if the task told me: make sure that other communities are not impacted by your solution? If that is the case, this solution here does not work. What I need is a way to actually take only that one community out, that no-export community. That can also be done, so this is an alternate, more precise solution. This stays. What I need now is ip community-list, and just like with access lists it needs to have some number; I'm just going to give it 1, and I'm going to say permit no-export. So I'm creating a community list that matches just the no-export community. And here in my route map, I'm first going to remove the set community none, and I'm going to say set comm-list 1 delete. Basically what I'm doing now is telling the router: if you find a community that matches the access list 1, the community list 1, delete it. All other communities should be unaffected. So let me paste this in now on R4. This goes in, this goes in; I'm going to remove set community none and I'm going to
add set comm-list delete. Now let's do clear ip bgp * soft in, and if I do show ip bgp 10.0.102.0 and 103.0... OK, let's clear it one more time, just to make sure that the route map is correct. It is correct. OK, maybe I'm going to be there. So network 10.0.103.0: take a look at this now. All other communities that have been set are still there; they're intact. So with this solution that I applied now, I have just sniped out that one community that I cared about. Now on R1 I have this network in, just like before, and on this router here, show ip bgp, sorry, 10.0.103.0, I have all those communities intact. Now, I have not been asked to install these communities there; I just used them as an example to show you what the requirement of "make sure that other communities are intact with your solution" might actually mean.

Do I recommend using set community internet when clearing the communities? Well, yeah, sure, why not. I mean, the internet community really has no special meaning; it's one of those informative communities: oh, these are the internet routes. So yeah, you can use it. You can also use that community, but keep in mind that when you use set community, what you are doing is... OK, let's take a look at the example here.

So, another task. Let me clean this up just a little bit... actually, I'm not going to clean up, I'm going to add it here. The next task is: when advertising to R1, the 103 network should have community internet set in addition to other communities. Or let's say, let me reword that to make it a little bit more vague: should have the internet community set; other communities should be intact. OK, so now I want to create a route map towards R1, and this one route should have this community set. Actually, let me put it this way, and this will allow me to show you one more thing: all routes advertised from R4 to R1 should have community internet set; all other communities should be intact. Well, that should be easy. Let's go to
R4... actually, let's do the notepad first. I'm going to create a route map, and this will be R1-out, and I'm going to say set community internet. Then router bgp, what was it, 400, address-family ipv4, neighbor 192.168.14.1 route-map R4-out... actually, it's R1-out, in the outbound direction. So let's paste this in to R4. OK, so this goes in, and let's say clear ip bgp * soft out. If I go to R1 and do show ip bgp 192.168.0.9, I see that 0.9 has the community internet set. All good.

Now let's take a look at this right here. It says set community internet; that's what I did. There it is, the internet community. But if I take a look at R4, this 103 route had some other communities configured. So my set community internet here, in this solution, has actually deleted this community list here and has replaced it with this list here. So this set community internet, just like set community none, will actually delete the existing communities, all of them, and replace the whole list with just that one community, internet. But my task here had quite a different requirement. It said that all routes should have community internet set and other communities should be intact. In my case here, were they intact? No, they were not intact; they were actually removed. So in this case I should use the additive keyword. What this will do is append the internet community to an existing list of communities. If there is no existing list, a new list will be created.

So let's put this in on R4. If I do clear ip bgp soft out, now if I go to R1 and take a look at 192.168.0.9, I still have the same thing, but if I take a look at my 103 route, I now have the internet community set and I have those other communities installed. So using set community internet to remove other communities is OK, but so is using set community none, because you are going to have pretty much the same
effect, in the sense that you will be removing an existing list. But sometimes this may not be what you want to do.

As opposed to using set comm-list in my previous example to delete that one community, can I just copy the existing list of communities and simply use them to replace? Well, you could if they existed, but the task was deliberately vague. The task here says other communities should be intact, but it doesn't tell you what the other communities are, so your solution needs to take into account any possible set of communities. If you have a list of communities, yeah, you could theoretically use it. But if the question is vague like that and you don't actually have any other communities on the route, what list are you going to use? Do you know what they are going to be using in a grading script to verify your solution? You don't know that. So when you are faced with a task that might look like this, don't think too much; find a generic solution that will work no matter what they throw at you.
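
The community behaviour walked through in the transcript, as an added Python model that is not part of the video or the instructor's configuration. It assumes the chain R9, R6, R2, R5, R4, R1 with R6, R2 and R5 in sub-AS 600 and iBGP routes passed along the chain; the names `propagate`, `R6_OUT` and the rest are hypothetical, and the 900:1 and 900:2 communities are constructed sample values.

```python
"""Added example: a small model of community-based route propagation control."""
from ipaddress import ip_network

# Assumed chain: (router, session type towards the next router in the chain).
CHAIN = [("R9", "ebgp"), ("R6", "ibgp"), ("R2", "ibgp"),
         ("R5", "confed-ebgp"), ("R4", "ebgp"), ("R1", None)]

# Session types on which each well-known community suppresses advertisement.
BLOCKED_ON = {
    "no-advertise": {"ibgp", "confed-ebgp", "ebgp"},
    "local-AS": {"confed-ebgp", "ebgp"},
    "no-export": {"ebgp"},
}


def may_advertise(communities, session):
    """True if a route carrying these communities may be sent on this session."""
    return not any(session in BLOCKED_ON.get(c, ()) for c in communities)


def set_community(existing, new, additive=False):
    """'set community' replaces the whole list unless 'additive' is given."""
    return set(existing) | set(new) if additive else set(new)


def comm_list_delete(existing, listed):
    """'set comm-list N delete' removes only the communities the list matches."""
    return set(existing) - set(listed)


def apply_route_map(route_map, prefix, communities):
    """First matching entry wins; no match means the implicit deny (None)."""
    net = ip_network(prefix)
    for match, action in route_map:
        if match is None or any(
            net.subnet_of(ip_network(m)) and ge <= net.prefixlen <= le
            for m, ge, le in match
        ):
            return action(communities) if action else set(communities)
    return None


def propagate(prefix, r9_out, r4_in=None, r4_out=None):
    """Return {router: communities} for every router that ends up with prefix."""
    tables, comms = {"R9": set()}, set()
    for (router, session), (nxt, _) in zip(CHAIN, CHAIN[1:]):
        # The sender checks the communities in its own table first...
        if not may_advertise(comms, session):
            break
        # ...then its outbound route map (if any) rewrites the update.
        out_map = r9_out if router == "R9" else r4_out if router == "R4" else None
        if out_map is not None:
            comms = apply_route_map(out_map, prefix, comms)
        # An inbound route map on R4 runs before the route is installed there.
        if comms is not None and nxt == "R4" and r4_in is not None:
            comms = apply_route_map(r4_in, prefix, comms)
        if comms is None:
            break
        tables[nxt] = set(comms)
    return tables


# R9 outbound policy towards R6 (match entries are: network, ge, le).
R6_OUT = [
    ([("10.0.100.0/24", 24, 24)], lambda c: set_community(c, {"no-advertise"})),
    ([("10.0.101.0/24", 24, 24)], lambda c: set_community(c, {"local-AS"})),
    ([("10.0.102.0/23", 24, 24)],
     lambda c: set_community(c, {"no-export", "900:1", "900:2"})),  # constructed
]
R6_OUT_FIXED = R6_OUT + [(None, None)]  # trailing empty permit for everything else

# R4 inbound from R5: blunt 'set community none' versus 'set comm-list delete'.
MATCH_103 = [("10.0.103.0/24", 24, 24)]
R5_IN_NONE = [(MATCH_103, lambda c: set()), (None, None)]
R5_IN_DELETE = [(MATCH_103, lambda c: comm_list_delete(c, {"no-export"})),
                (None, None)]

# R4 outbound to R1: replace versus 'additive'.
R1_OUT_REPLACE = [(None, lambda c: set_community(c, {"internet"}))]
R1_OUT_ADDITIVE = [(None, lambda c: set_community(c, {"internet"}, additive=True))]

if __name__ == "__main__":
    for p in ("10.0.100.0/24", "10.0.101.0/24", "10.0.102.0/24", "192.168.0.9/32"):
        print(p, "broken:", sorted(propagate(p, R6_OUT)),
              "fixed:", sorted(propagate(p, R6_OUT_FIXED)))
    print(propagate("10.0.103.0/24", R6_OUT_FIXED, R5_IN_DELETE, R1_OUT_ADDITIVE))
```
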
Info
Channel: Networking Lessons
Views: 808
Keywords: configrouter.com, Cisco, Cisco Networking Videos, Cisco Networking
Id: 7V4yOdyHLBs
Length: 44min 24sec (2664 seconds)
Published: Thu Oct 12 2017